We have tried to configure SSL for CAS using steps as per below link
1) Used below command to generate a Key & CSR from openssl
sudo openssl req -new -newkey rsa:2048 -nodes -out dynatrace_XXXXXX.csr -keyout dynatraceXXXXX.key -config req.conf
2) Received .cer file from CA
Question 1 :Now how do i get this chain.txt as described in the Documentation link ?
Questinon 2 : What is the role of keystore if i have used openssl?
Question 3 : after my step 2 , what all is needed to complete SSL configuration?
Solved! Go to Solution.
Hi, have a look at the 2017 doc. It should be improved in comparison to the 12.4 one.
Hello! What about steps 7 and 8?
7. Open root.cer and webserver.cer in Notepad. Append all contents from each file (Control-A) and merge both into a new text file. Make sure to merge them in the same order they were opened: root followed by webserver.
8. Save the merged file as chain.txt .
Try the following procedure:
1. Create key:
keytool -genkeypair -keyalg rsa -keystore [keystorename].jks -storepass [keystorepassword] -alias [alias]
2. Create cert request using names defined in previous step:
keytool -certreq -alias [alias] -keystore [keystorename].jks -storepass [keystorepassword] -file my_new_cert.csr -validity[number of days]
3. Send certificate request file (my_new_cert.csr in this example) out to sign
4. Make sure your certificate is in Base64 X509 format, if not - make proper conversion:
(a) In case you received your signed cert from root CA:
(b) In case you received your signed cert from non-root CA:
5. Import signed user certificate.
keytool -import -alias tomcat –keystore [keystorename].jks –storepass [keystorepassword] -trustcacerts -file signed_cert.cer
6. Export key created at the begining to PKCS12 format.
keytool -importkeystore -srckeystore [keystorename].jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore pkey.p12
7. Convert exported PKCS12 binary file to PEM format
openssl.exe pkcs12 -in [path.to]pkey.p12 -nodes -nocerts -out [path.to]pkey.pem
8. Configure the following settings in the /config/common.properties file:
9. Set the key password.